aboutsummaryrefslogtreecommitdiff
path: root/src/utils/push.rs
blob: 0e1b9ba8171fac3e29560857a959b95fa152869a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
use super::data;

use std::process::Stdio;
use tokio::process::Command;

pub async fn push_profile(
    profile: &data::Profile,
    profile_name: &str,
    node: &data::Node,
    node_name: &str,
    supports_flakes: bool,
    check_sigs: bool,
    repo: &str,
    merged_settings: &data::GenericSettings,
    deploy_data: &super::DeployData<'_>,
) -> Result<(), Box<dyn std::error::Error>> {
    info!(
        "Pushing profile `{}` for node `{}`",
        profile_name, node_name
    );

    debug!(
        "Building profile `{} for node `{}`",
        profile_name, node_name
    );

    if supports_flakes {
        Command::new("nix")
            .arg("build")
            .arg("--no-link")
            .arg(format!(
                "{}#deploy.nodes.{}.profiles.{}.path",
                repo, node_name, profile_name
            ))
            .stdout(Stdio::null())
            .stderr(Stdio::null())
            .spawn()?
            .await?;
    } else {
        Command::new("nix-build")
            .arg(&repo)
            .arg("-A")
            .arg(format!(
                "deploy.nodes.{}.profiles.{}.path",
                node_name, profile_name
            ))
            .stdout(Stdio::null())
            .stderr(Stdio::null())
            .spawn()?
            .await?;
    }

    if let Ok(local_key) = std::env::var("LOCAL_KEY") {
        info!(
            "Signing key present! Signing profile `{}` for node `{}`",
            profile_name, node_name
        );

        Command::new("nix")
            .arg("sign-paths")
            .arg("-r")
            .arg("-k")
            .arg(local_key)
            .arg(&profile.profile_settings.path)
            .arg(&deploy_data.current_exe)
            .stdout(Stdio::null())
            .stderr(Stdio::null())
            .spawn()?
            .await?;
    }

    debug!("Copying profile `{} for node `{}`", profile_name, node_name);

    let mut copy_command_ = Command::new("nix");
    let mut copy_command = copy_command_.arg("copy");

    if merged_settings.fast_connection {
        copy_command = copy_command.arg("--substitute-on-destination");
    }

    if !check_sigs {
        copy_command = copy_command.arg("--no-check-sigs");
    }

    let ssh_opts_str = merged_settings
        .ssh_opts
        // This should provide some extra safety, but it also breaks for some reason, oh well
        // .iter()
        // .map(|x| format!("'{}'", x))
        // .collect::<Vec<String>>()
        .join(" ");

    copy_command
        .arg("--to")
        .arg(format!(
            "ssh://{}@{}",
            deploy_data.ssh_user, node.node_settings.hostname
        ))
        .arg(&profile.profile_settings.path)
        .arg(&deploy_data.current_exe)
        .env("NIX_SSHOPTS", ssh_opts_str)
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()?
        .await?;

    Ok(())
}